[Secure-testing-team] CVE-2007-5740: Security Bug in Perdition
Steffen Joeris
steffen.joeris at skolelinux.de
Thu Nov 1 07:56:33 UTC 2007
Hi Simon
On Thu, 1 Nov 2007 05:35:36 pm Simon Horman wrote:
> I wish to advise that a security vulnerability has been found in
> perdition which may lead to an attacker being able to execute arbitrary
> code on the machine running perdition without the need for
> authentication.
Thank you very much for the information and the great cooperation.
> The bug will be hence forth tracked as CVE-2007-5740
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5740
As soon as the CVE shows up in the tracker and on the mitre page, I will mark
it as fixed in sid accordingly.
Do you expect any problems with the migration from unstable to testing? The
last uploads show that the package migrated after the quarantine time
according to the urgency. Therefore, I suspect that the package should
migrate after two days (assuming that all the buildds pick it up). Thus,
there should be no need for a DTSA. I will inform you though, if that should
change and then give you a go for an upload, if migration does not happen
soonish.
Thanks again for the efforts and communication.
Cheers
Steffen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20071101/83520f45/attachment.pgp
More information about the Secure-testing-team
mailing list